We started using Nconf 3.5 and Nagios 1.3 recently.Everything works fine with default local accounts that we can login to Nagios web console as “nagiosadmin” and to Nconf as “admin”.

We, then, started migrating to AD for user authentication.We configured Nagios for AD and it works fine that users defined in AD can all login to Nagios. This is the <Directory> section in /etc/httpd/conf.d/nagios.conf:(Note that line #18 AuthLDAPURL is doing subtree search for all user accounts)

This configuration only allows user accounts defined at the AD_BASE_DN level to login to Nconf. (We think it searches in AD with search scope being "base".)------------------We did a little research on AD and Nconf and we found something at this URL:http://www.nconf.org/dokuwiki/doku.php? ... on:ad_ldap

It said something about AD_LDAP_PORT.---> "The LDAP port to connect to. This constant is ignored when using URL notation in the AD_LDAP_SERVER constant."This sentence implies that AD_LDAP_SERVER constant can use URL notation, it that right?With this in mind, we went on to modify line #60 to: 60 define('AD_LDAP_SERVER', "ldaps://namdev.nsrootdev.net:636/DC=namdev,DC=nsrootdev,DC=net?sAMAccountName?sub");

Note this line #60 is the same line as line #18 in nagios.conf.After we restared everyting, Nconf does not allow anyone to login.

So, how do we configure authentication.php so that Nconf would search all user accounts under AD_BASE_DN with search scope being "sub"?

There are AuthLDAPBindDN and AuthLDAPBindPassword defined in nagios.conf. How come these are not defined in authentication.php? How does NCONF bind to an AD server?